I know that this has been discussed here before, but it is for me hard to understand and collect all information from this site regarding the Scan to SMB issue since I am a total SMB-Noob :o

Until now, I used for all my customers Scan to FTP very successful, but since FTP is becoming a safety issue I would like to learn the set-up procedure about Scan to SMB for W10-workstations and also Windows Server (Apple not yet....:cool:)

Any help please? Any written down procedures?

Hans

I know that this has been discussed here before, but it is for me hard to understand and collect all information from this site regarding the Scan to SMB issue since I am a total SMB-Noob :o

Until now, I used for all my customers Scan to FTP very successful, but since FTP is becoming a safety issue I would like to learn the set-up procedure about Scan to SMB for W10-workstations and also Windows Server (Apple not yet....:cool:)

Any help please? Any written down procedures?

Hans

54208

here is a guide above on how to set this up,

just to let you know windows 10 machines disable SMB1.0 as standard (it can be added via Programs & Features at the customers request as can be a security issue). If the machine is on the latest firmware you should be able to enable SMB1.0/SMB2.0 which will eliminate the SMB1.0 issue.

I know that this has been discussed here before, but it is for me hard to understand and collect all information from this site regarding the Scan to SMB issue since I am a total SMB-Noob :o

Until now, I used for all my customers Scan to FTP very successful, but since FTP is becoming a safety issue I would like to learn the set-up procedure about Scan to SMB for W10-workstations and also Windows Server (Apple not yet....:cool:)

Any help please? Any written down procedures?

Hans

Hi Hans. Ever tried to use the SMB(SAMBA) server on the machine? It creates share folders for scanned documents on the machine HDD itself. Its easy to access your scans from any computer on that network using a username and password to access to folder securely. Its much more reliable in my opinion. You can setup links to the folder or just put the printer IP into any browser to access it.

Its as easy as creating a User Box and then enabling sharing on it. You can set it to clean out the scans once a month or so. The only drawback is that you need to transfer the documents to your PC.
In that case that the customer does not like that you can sync(backup) the folder to the local PC or server.

Why I like this so much is the fact that its independent from the user names, passwords and individual security settings on each PC. It also makes the customer use to User Boxes for printing and other functions. Its easy to setup even easier that scan to email.

The BizHub User boxes are not used to its full potential and once a customer is into it they will not move to another product without massive motivation. It beats me why its not used more.

Hi Hans. Ever tried to use the SMB(SAMBA) server on the machine? It creates share folders for scanned documents on the machine HDD itself. Its easy to access your scans from any computer on that network using a username and password to access to folder securely. Its much more reliable in my opinion. You can setup links to the folder or just put the printer IP into any browser to access it.

Its as easy as creating a User Box and then enabling sharing on it. You can set it to clean out the scans once a month or so. The only drawback is that you need to transfer the documents to your PC.
In that case that the customer does not like that you can sync(backup) the folder to the local PC or server.

Why I like this so much is the fact that its independent from the user names, passwords and individual security settings on each PC. It also makes the customer use to User Boxes for printing and other functions. Its easy to setup even easier that scan to email.

The BizHub User boxes are not used to its full potential and once a customer is into it they will not move to another product without massive motivation. It beats me why its not used more.

I generally like the Idea of having the SMB Server on the Machine. Spares ressources on another Server and could actually make the Customer convienced to stay with you and that machine.

However, the issue i see here is that unless the Customer is working on a Terminal-Server Only Workplace with 2 different Networks, the copier would create a extremly bad security issue. You see, the encryption on the bizhub MFPs (except the newest) have a very bad standard with a lot of security issues. I can easily "hack" myself into a MFP from within the network. I reported about 30 different ways of "hacking" the mfp's in 1.5 years to KM so far. As soon as you enable any Machine's intern Server, no matter if Internet ISW, Internal FTP Server or SMB Server, you are very vulnerable.
Unless i have a very specific and strict IT Setup at the Customer, i just do not put it into Network for anything else than the communication with a Print Server that handles everything. Even the Antivirus Kit does not stop all attacks.
I might be very extreme in these situations, but if any of my customers gets hacked i want to be able to say "it wasnt my fault" and i want my machine to be fine.

From the everyday experience with customers I have developed a software:
"Copy Setup2" installs printing and scan to SMB on customer computers mostly automatically:
- Intuitive operation
- Save time and money - pure program run, depending on computer speed - only approx.: 90 seconds
- Universal printer driver not part of the program
- Selection of SMB1 or SMB2 protocol
- 32- and 64-bit version included
- Compatible with Win 10 and Win Server 2019
- Configures Win Firewall
- secure, because own account - without admin rights - only for scanning
- creates folder with desktop link
- Conveniently with a labeled USB stick

If my post is not allowed, I will of course delete it.

.

If my post is not allowed, I will of course delete it.

Other contributors are selling their stuff here too........ ;)

Hans

From the everyday experience with customers I have developed a software:
"Copy Setup2" installs printing and scan to SMB on customer computers mostly automatically:
- Intuitive operation
- Save time and money - pure program run, depending on computer speed - only approx.: 90 seconds
- Universal printer driver not part of the program
- Selection of SMB1 or SMB2 protocol
- 32- and 64-bit version included
- Compatible with Win 10 and Win Server 2019
- Configures Win Firewall
- secure, because own account - without admin rights - only for scanning
- creates folder with desktop link
- Conveniently with a labeled USB stick

If my post is not allowed, I will of course delete it.


I like this very much, IF open source :D

Few Questions tho:
- SMB1? WHY?
- Same Windows User Account with the same Password everytime or has to be set by "User" (of the programm)?
- Who uses the Windows Firewall?
- Disabled the User Dir of the respective Scanning User?
- Secure Password?
- Access to any other Folders on the System explicit denied?

If you can answer all this with yes, i am interested.

I like this very much, IF open source :D

Few Questions tho:
- SMB1? WHY?
- Same Windows User Account with the same Password everytime or has to be set by "User" (of the programm)?
- Who uses the Windows Firewall?
- Disabled the User Dir of the respective Scanning User?
- Secure Password?
- Access to any other Folders on the System explicit denied?

If you can answer all this with yes, i am interested.

1. Program asks if you want SMB1 or SMB2, because of older machines (or with older firmware), which are not able to use SMB2. (Program makes SMB1 Protocol without expire after 14 days not used.)
2. Program creates an own Windows User Account (with light skrypting name) only for scanning with a 10-digit password created by a random generator (Password doesn't expire). For every PC a new password.
3. Program opens the correct ports (Program see if privat, domain or public). Or what do you mean?
4. I'm not sure if I understand in right way. User Directory is not disabled.
5. Yes, Secure string. (Programming is not possible without secure string)
6. Scan user account has no access to any other folder.

This is what I do:

1. If you need SMB 1.0 enter windows features and enable "server" under CIFS 1.0 settings. You can enable "client" too.
Disable "auto removal option"
2. Disable SMB direct. Apply settings and restart PC.
3. If user doesn't have a password create a new user with password.
4. Create a new folder and share it with user with password. Allow read/write.
5. In advanced options (Contro panel/Network&sharing center) turn ON "Network discovery" and "File and printer sharing" for current network profile.
Using PRIVATE profile is recommended.
For older machines select 40 or 56 bit encryption instead 128 bit.
Password protected sharing should be set to ON.
Save&exit.

6. On machine side create a SMB address book entry.
Enter computer name and folder name, usename and password.
You can use "Reference" tab to browse the network, select desired HostPC, then folder. You'll be prompted with username and password. Use credentials of existing or newly created PC user.

Allways works.

P.S. For i series (or any machine that supports SMB2/3) skip No. 1.

1. Program asks if you want SMB1 or SMB2, because of older machines (or with older firmware), which are not able to use SMB2. (Program makes SMB1 Protocol without expire after 14 days not used.)
2. Program creates an own Windows User Account (with light skrypting name) only for scanning with a 10-digit password created by a random generator (Password doesn't expire). For every PC a new password.
3. Program opens the correct ports (Program see if privat, domain or public). Or what do you mean?
4. I'm not sure if I understand in right way. User Directory is not disabled.
5. Yes, Secure string. (Programming is not possible without secure string)
6. Scan user account has no access to any other folder.

Ok and where is the generated password stored? I see that you are from Germany too and we (in the IT department) are required by law to document any User Accounts with full User Credentials.
Also, the setting "Password does not expire" does not apply if you use a GPO (Group Policy) on a Domain Controller in the Network. Quite usual setup for larger companies.
And no, i meant that most People use a Antivirus like BitDefender or Kaspersky that replaces windows build in firewall.

And for the User Directory thing, please refer to this link: batch file - Windows: user without home directory - Stack Overflow (https://stackoverflow.com/questions/23559030/windows-user-without-home-directory) and look for the second part of MC ND answer

This post from mincopier helped me quite a few times:
https://www.copytechnet.com/forums/konica-minolta/145076-trouble-c224e-smbing-windows-10-pro-post1188584.html?highlight=#post1188584

This post from mincopier helped me quite a few times:
https://www.copytechnet.com/forums/konica-minolta/145076-trouble-c224e-smbing-windows-10-pro-post1188584.html?highlight=#post1188584


u got the file he shared? Link is expired

There are as many guides as there are OS's, and variations of those as well..All anyone can offer is a basic template (which is available via the online user manuals), and there are 100 different factors blocking your efforts..All you get is a server connection or login failure..Today you are faced with DFS, VPNs, wireless/wired combos, security features, and many other customer side issues along with firmware and function version updates on the machine side....In many situations I have simply given up..nor do I want to be responsible for making security policy changes, adding programs, creating service accounts..ect ect..In a few cases I was forced to just enable usb save and say "until your IT can figure this out, here you go:. Just because the old machine worked, doesn't mean the new one will as well. E

There are as many guides as there are OS's, and variations of those as well..All anyone can offer is a basic template (which is available via the online user manuals), and there are 100 different factors blocking your efforts..All you get is a server connection or login failure..Today you are faced with DFS, VPNs, wireless/wired combos, security features, and many other customer side issues along with firmware and function version updates on the machine side....In many situations I have simply given up..nor do I want to be responsible for making security policy changes, adding programs, creating service accounts..ect ect..In a few cases I was forced to just enable usb save and say "until your IT can figure this out, here you go:. Just because the old machine worked, doesn't mean the new one will as well. E

I have a serious dislike for SMB. Ever used webdav?

u got the file he shared? Link is expired
Sorry to be late...too much work. I think mincopier updated link in another thread.

Ok and where is the generated password stored? I see that you are from Germany too and we (in the IT department) are required by law to document any User Accounts with full User Credentials.
Also, the setting "Password does not expire" does not apply if you use a GPO (Group Policy) on a Domain Controller in the Network. Quite usual setup for larger companies.
And no, i meant that most People use a Antivirus like BitDefender or Kaspersky that replaces windows build in firewall.

And for the User Directory thing, please refer to this link: batch file - Windows: user without home directory - Stack Overflow (https://stackoverflow.com/questions/23559030/windows-user-without-home-directory) and look for the second part of MC ND answer

Password is in same way stored, than you make it without software. What's the problem with documentation scan user? Software prints it for one touch keys. Maybe you have to add anything?
Software is not only for domain networks.

If you logon as scan user it creates a profile and a directory structure, but not if you scan during default user is logon.